MageDispatch.com - The latest in Magento land

NGINX - Polyshell blocker

NGINX config to block the Polyshell upload exploit at the edge, denying API and media paths regardless of location rules. Includes allowlisting, Hypernode/Maxcluster setup steps, and commands to scan affected paths and logs.

https://gist.github.com/JeroenBoersma/d5c33066d7b0a7c69736a3d0f67ac9b1

#nginx #security #polyshell #rest-api

07 Apr 2026

Polyshell Vulnerability Fix

A Magento 2 module designed to address a potential security concern related to custom options. It ensures that custom option values are correctly validated before processing, preventing unauthorized 'file' type injections.

https://github.com/taurus-media/module-polyshell-fix

1

3

#security #polyshell

24 Mar 2026

PolyshellPatch

Mitigates the PolyShell vulnerability (APSB25-94) — an unrestricted file upload in the Magento REST API that allows attackers to upload executable files via cart item custom option file uploads.

https://github.com/markshust/magento-polyshell-patch

12

62

#security #vulnerability #patch #polyshell

24 Mar 2026

polyshell

NGINX - Polyshell blocker

Polyshell Vulnerability Fix

PolyshellPatch

The latest about Magento in your mailbox?